carl moonan | the dude abides

Configure SSH to use v2 and public key based authentication on mac OS X

This post is not finished, but take a look anyway while I tidy it up…

My friend told me of this brute force attack on SSH he noticed on his machine. It had the effect of really slowing down his router/machine. He also showed me this interesting article here on how he configured the security in ssh to assist in the prevention of such issues.

This post is a simple summary of these articles: it configures ssh to allow only version 2 of SSH and secures it so that public keys are used for authentication.

This is a three step process:

  • Configure ssh to be more secure
  • Generate public keys on client
  • Store public keys on server to allow pre authenticated keys to connect
    Step 1
    Back up sshd_config

    sudo cp /etc/sshd_config /etc/sshd_config.bak

    Modify config

    sudo pico /etc/sshd_config

    Original:
    #Protocol 2,1

    Modified:
    Protocol 2

    Original:
    #PermitRootLogin yes

    Modified:
    PermitRootLogin no

    This configures ssh to use only version 2. It also prohibits root login, which is always helpful (note that you can skip the root login change if it does not suit you).

    Step 2
    Generate SSH keys
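    On the client you want to connect from, open a terminal and run the following command. You will be prompted for a passphrase; leave this blank unless you want to type some text when you log in. With a blank passphrase the private key is stored unencrypted, so anyone who can read the id_rsa file can use it to log in.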

    ssh-keygen -t rsa

    You will see something like this when complete:

    Your identification has been saved in /Users/username/.ssh/id_rsa.
    Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
    The key fingerprint is:
    65:3c:9e:15:87:a6:14:4a:55:bf:e4:3e:ea:2c:22:ed username@localhost

    Step 3
    Now that you have a key, you need to log in to the server you want to connect to and save your public key there. You also need to configure ssh on the server to use only these keys rather than challenge-response based authentication.

    Display the public key portion of your client key as shown below. This is the .pub file generated in the step above.

    cat ~/.ssh/id_rsa.pub

    Log in as normal to your ssh server and save the public key in the .ssh folder, e.g.

    pico ~/.ssh/authorized_keys2

    Paste the complete contents of the public key file into this new file and save it. This includes everything from ssh-rsa to the end.

    Review:

  • Configure ssh on server to be version 2 only and disable root login.
  • Create a set of keys to connect with.
  • Store public portion of key onto server.
    Completion:
    Configure ssh to only allow key based authentication
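
The settings from Step 1 and the key-only goal of the completion step can be checked with a short script. This is an added example, not part of the original post: `PasswordAuthentication` and `ChallengeResponseAuthentication` are the standard sshd_config keywords for password and challenge-response logins (the post does not name them), the function names are hypothetical, the defaults are those of the OpenSSH release whose config the post shows, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this post covers.
# sshd uses the FIRST uncommented occurrence of a keyword, and keywords are
# case-insensitive, so a plain grep can report the wrong line.

# effective_value FILE KEYWORD DEFAULT -> value sshd would use (global section)
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        { sub(/=/, " ") }                       # "Keyword=value" form is also legal
        tolower($1) == "match" { exit }         # stop before conditional blocks
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE -> one line per setting; returns 1 if any is weak
audit_sshd_config() {
    rc=0
    # columns: keyword, wanted value, default when the keyword is absent
    while read -r key want def; do
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "WEAK  $key $got (want $want)"
            rc=1
        fi
    done <<'EOF'
Protocol 2 2,1
PermitRootLogin no yes
PasswordAuthentication no yes
ChallengeResponseAuthentication no yes
EOF
    return $rc
}

# Constructed sample: Step 1 applied, completion step not done yet.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#Protocol 2,1
Protocol 2
PermitRootLogin no
#PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "key-only authentication is not enforced yet"
```

To audit the real server, pass it the file edited in Step 1: `audit_sshd_config /etc/sshd_config`.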
